[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
#10419: Can requests to 127.0.0.1 be used to fingerprint the browser?
----------------------------------+---------------------------
Reporter: mikeperry | Owner: mikeperry
Type: task | Status: new
Priority: major | Milestone:
Component: Firefox Patch Issues | Version:
Keywords: tbb-fingerprinting | Actual Points:
Parent ID: | Points:
----------------------------------+---------------------------
If a site makes connection attempts or element loads sourced for
127.0.0.1, can it build a list of open local TCP ports for fingerprinting
purposes? Open ports may yield different error conditions than closed
ports for certain request types and elements..
There may be other vectors to to this through DNS rebinding too, but I
believe in those cases the hostname should always be provided to the SOCKS
port, and such connections will happen to the exit, which should block
them.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10419>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs